Abhijith PA pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
82bb5580 by Abhijith PA at 2023-05-03T01:44:06+05:30
Mark CVE-2021-38698, CVE-2021-41803, CVE-2022-24687 and
CVE-2022-40716 as not affected.
Add commit reference for CVE-2022-24687 with upstream tag.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -52696,6 +52696,7 @@ CVE-2022-40717 (This vulnerability allows
network-adjacent attackers to execute
NOT-FOR-US: D-Link
CVE-2022-40716 (HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4,
and 1.13. ...)
- consul <unfixed> (bug #1027161)
+ [buster] - consul <not-affected> (Vulnerable Code not present)
NOTE:
https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628
NOTE:
https://github.com/hashicorp/consul/commit/ae822d752ad36007e353249691a0ef318cf55d08
(v1.11.9)
CVE-2022-40715 (An issue was discovered in NOKIA 1350OMS R14.2. An Absolute
Path Trave ...)
@@ -98178,7 +98179,9 @@ CVE-2022-24688 (An issue was discovered in DSK DSKNet
2.16.136.0 and 2.17.136.5.
NOT-FOR-US: DSK DSKNet
CVE-2022-24687 (HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14,
1.10.7, a ...)
- consul <unfixed> (bug #1006487)
+ [buster] - consul <not-affected> (Vulnerable Code not present)
NOTE:
https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers/
+ NOTE:
https://github.com/hashicorp/consul/commit/d35c6a97cbdff252f5238d6b52f49786f896566a
(1.9.15)
CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17,
1.1.11, and ...)
- nomad <unfixed> (bug #1021273)
NOTE:
https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559
@@ -123883,6 +123886,7 @@ CVE-2021-41804
RESERVED
CVE-2021-41803 (HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not
properl ...)
- consul <unfixed> (bug #1034841)
+ [buster] - consul <not-affected> (Vulnerable Code not present)
NOTE:
https://discuss.hashicorp.com/t/hcsec-2022-19-consul-auto-config-jwt-authorization-missing-input-validation/44627
NOTE:
https://github.com/hashicorp/consul/commit/34872682e44f6e7e6359c88bf9e333fa1002a99b
(v1.11.9)
CVE-2021-41802 (HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3
allowed a ...)
@@ -131684,7 +131688,7 @@ CVE-2021-38699 (TastyIgniter 3.0.7 allows XSS via
/account, /reservation, /admin
CVE-2021-38698 (HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply
endpoint allow ...)
- consul 1.8.7+dfsg1-6 (bug #1015218)
[bullseye] - consul <no-dsa> (Minor issue)
- [buster] - consul <no-dsa> (Minor issue)
+ [buster] - consul <not-affected> (Vulnerable code not present)
NOTE:
https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026
NOTE:
https://github.com/hashicorp/consul/commit/747844bad6410091f2c6e961216c0c5fc285a44d
(v1.8.15)
CVE-2021-38697 (SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated
unrestricted Fi ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82bb558032826c53ec6e6272ff0fdc41103bdc06
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82bb558032826c53ec6e6272ff0fdc41103bdc06
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
